NSA Cyber Sleuths Rack Up Tech Patents

National Security Agency (NSA) analyst Daryle Deloatch works mainly with mobile devices—phones, iPads and the like. Although his day job immerses him in the cybersecurity issues inherent to use of these technologies, he writes programs to fix them as a "side project."

A self-described "tech weenie," Deloatch devoted spare time at the agency to developing a method for detecting tampering with a mobile device, such as an attempt to swap out a phone's SIM card.

"When I originally made the technology, I was thinking along the lines of something I would want: a security solution," he said. "It's very helpful because with identity theft, with malware, with any action that might take place unbeknownst to me, I have an early warning that something's going on with my phone."

The technology could have a range of applications, he said, including for critical infrastructure operators who increasingly rely on portable devices to remotely log in and manage industrial control systems. Deloatch's color-coded alert system would tip off end users to potential malicious meddling.

Every alert is tied to a time stamp, "so it helps to build a picture of what took place while you were away from the phone," he said.

Deloatch's invention marks the third patent he's filed while working in the secretive halls of Fort Meade. He's now courting commercial partners to license the technology and bring it to a broader audience.

The effort is part of NSA's Technology Transfer Program, a rare public-facing effort from the intelligence agency. Congress mandated the program, which is used in part to justify NSA's classified research and development budget. A 2016 study sponsored by the Department of Defense found license agreements using NSA technology generated nearly $350 million in economic impacts over a decade and a half.

"The technology is not classified—it's the use of it," Deloatch explained. "I think sometimes people are shocked by what we do put out."

Deloatch said he's heard from a few organizations interested in licensing his latest mobile defense add-on. One of his past inventions, an integrity scanner for BlackBerry devices, was incorporated into the Sentinel product line from tech firm Fixmo in the early 2010s. The impetus for developing the technology came from a White House request to use BlackBerry devices for official communications.

The Fixmo case brought an unusual level of exposure to an agency accustomed to operating well out of the limelight.

Last year, NSA launched a public account on the code-sharing site GitHub, posting a range of tools released under its tech transfer program. One of those open-source tools, Grassmarlin, is tailor-made for discovering devices on industrial control systems. Grassmarlin has been used by the natural gas sector as well as the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team.

"It depends on the type of company and the relationship" with NSA, Deloatch said. "We want you to use [cybersecurity] mitigations that can help you. If anything, if it was the opposite, and we held onto that material, people would get upset."

Former NSA officials have said the agency is still rebuilding its reputation following disclosures from former intelligence contractor Edward Snowden, who leaked top-secret documents exposing an NSA-run mass surveillance program in 2014.

Navy Adm. Michael Rogers, who led NSA and the U.S. Cyber Command until he retired from the dual-hat posts this summer, told an industry audience at an oil and gas conference in October that the agency tends to keep a low profile when it comes to its information assurance mission.

"We're a foreign intelligence organization, so generally we will partner with the FBI, DHS," or other domestic civilian agencies, he said. "You won't necessarily know it came from us."

Still, Rogers pointed out a few notable exceptions to that rule, citing cases when NSA analysts provided direct, on-the-ground support to private companies. One such case was in 2014, when suspected North Korean government hackers launched a damaging cyberattack on Sony Pictures Entertainment.

More recently, in 2017, a suspected Russian hacking group targeted the corporate networks of multiple nuclear power plant owners across the U.S. and caught the NSA's attention, Rogers said, adding that only business-side networks were found to have been affected. "We actually sent people out to a couple [nuclear] facilities [to] partner with the production owner, to go through their networks," he said.

NSA support "happens occasionally on very high-level, highly visible kinds of things," Rogers added, "but day to day, it will be through the FBI and the DHS."